Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1VS3wb-000665-RS for bitcoin-development@lists.sourceforge.net; Fri, 04 Oct 2013 11:53:17 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.148.108 as permitted sender) client-ip=62.13.148.108; envelope-from=pete@petertodd.org; helo=outmail148108.authsmtp.net; Received: from outmail148108.authsmtp.net ([62.13.148.108]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1VS3wX-0006Fz-BN for bitcoin-development@lists.sourceforge.net; Fri, 04 Oct 2013 11:53:17 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt5.authsmtp.com (8.14.2/8.14.2) with ESMTP id r94Br5cr013295; Fri, 4 Oct 2013 12:53:05 +0100 (BST) Received: from savin (76-10-178-109.dsl.teksavvy.com [76.10.178.109]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r94Br14T058995 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Fri, 4 Oct 2013 12:53:04 +0100 (BST) Date: Fri, 4 Oct 2013 07:53:00 -0400 From: Peter Todd To: Mike Hearn Message-ID: <20131004115300.GA22215@savin> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 8744d1c1-2ceb-11e3-94fa-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdgYUF1YAAgsB AmUbWlZeVV57WWc7 bAxPbAVDY01GQQRq WVdMSlVNFUsqCBhz RB8aNhl3fwxPfTBx Z0BhXj5TW0B+IUcu Q1NWRjhUeGZhPWMC WUQOJh5UcAFPdx8U a1N6AHBDAzANdhES HhM4ODE3eDlSNilR RRkIIFQOdA4gGTIx DwoPAzQiAiUA X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 76.10.178.109/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: petertodd.org] X-Headers-End: 1VS3wX-0006Fz-BN Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Code review X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Oct 2013 11:53:18 -0000 --n8g4imXOkfNTN/H1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Oct 04, 2013 at 12:30:07PM +0200, Mike Hearn wrote: > Git makes it easy to fork peoples work off and create long series of > commits that achieve some useful goal. That's great for many things. > Unfortunately, code review is not one of those things. >=20 > I'd like to make a small request - when submitting large, complex pieces = of > work for review, please either submit it as one giant squashed change, or > be an absolute fascist about keeping commits logically clean and separate= d. > It really sucks to review things in sequence and then discover that some > code you spent some time thinking about or puzzling out got > deleted/rewritten/changed in a later commit. It also can make it harder to > review things when later code uses new APIs or behaviour changes introduc= ed > in earlier commits - you have to either keep it all in your head, do lots > of tab switching, or do a squash yourself (in which case every reviewer > would have to manually do that). When I'm reviewing multiple commit pull-requests and want to see every change made, I always either click on the "Files Changed" tab on github, which collapses every commit into a single diff, or do the equivalent with git log. Why doesn't that work for you? > On a related note, github seems to have lost the plot with regards to code > review - they are spending their time adding 3D renderers to their diff > viewer but not making basic improvements other tools had for years. >=20 > So, I'd like to suggest the idea of using Review Board: >=20 > http://www.reviewboard.org/ >=20 > It's an open source, dedicated code review tool used by lots of big name > companies for their internal work. It has git[hub] integration and a lot = of > very neat features, like the ability to attach screenshots to reviews. Al= so > more basic ones, like side by side diffs. Branches can be and often are > submitted to the system as single reviews. >=20 > The company behind it (disclosure - written and run by a long time friend > of mine) offers hosting plans, but we could also host it on a Foundation > server instead. One advantage of using github is that they're an independent third party; we should think carefully about the risks of furthering the impression that Bitcoin development is a closed process by moving the code review it to a server that we control with explicit review groups. Given that Review Board appears to remain cryptographically unverifiable there may also be disadvantages in operating it ourselves in that if the review server does get compromised we *don't* have a third-party to blame. In addition GitHub is a third-party with a very valuable reputation to uphold and full-time staff - they're doing a better job of keeping their servers secure and running then we ever could. --=20 'peter'[:-1]@petertodd.org --n8g4imXOkfNTN/H1 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJSTqwcAAoJECSBQD2l8JH71bwH/Ap1Mkguf27+ycuDW4yLLj23 DoQrbLGYDFvBLeXVmIYZ0+goIlNQPpf+B/II+i+lQOd7RPeNz+WjQLsdMiwbKjGT wVGXM6KuE08JxhpR0HphTVkJm5UxHc4h+Y7bprXsAYBR6PTEoc20sN53q99G0lHF i/H/3n+AaRdnjRuYCwbI5zHSMfje4TYUflocQ9yNWF7bdYMSvGYANJGxnRk2/2F2 nB37PT89Kx+DQ3okbusmwQm1nOfzfrh1jg3St4DHYL5qc2oiGl+w0ND9HymW4YKE VEPNP6sn8w0UMOl6T1ZFRYCDsZntKifhLl4pGLpwKN8jtiHZi+vicEH9oGqWuQs= =ZRfu -----END PGP SIGNATURE----- --n8g4imXOkfNTN/H1--